package com.huwei.modules.base.config;

import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import com.huwei.modules.base.properties.ShiroProperties;
import com.huwei.modules.base.shiro.AuthenRealm;
import com.huwei.modules.base.shiro.CredentialsMatcher;
import com.huwei.modules.base.shiro.JwtFilter;
import com.huwei.modules.base.shiro.RoleOrAuthorizationFilter;

import java.util.HashMap;
import java.util.Map;

import javax.servlet.Filter;

import org.apache.shiro.mgt.SecurityManager;

@Configuration
public class ShiroConfig {
	
	/**
	 * 自定义shiro路径拦截，处理同一类型url多个角色可访问问题
	 */
	@Bean(name="jwtFilter")
	public JwtFilter jwtFilter() {
		return new JwtFilter();
	}
	
	@Bean(name="shiroFilter")
    public ShiroFilterFactoryBean shiroFilter(
    		@Qualifier("securityManager") SecurityManager manager
    		, @Qualifier("shiroProperties") ShiroProperties properties
    		, @Qualifier("jwtFilter") JwtFilter jwtFilter) {
        ShiroFilterFactoryBean bean=new ShiroFilterFactoryBean();
        bean.setSecurityManager(manager);
        Map<String,Filter> filters = new HashMap<String, Filter>();
        filters.put(properties.getUrlFilterRoleOr(), new RoleOrAuthorizationFilter());
        filters.put("jwtFilter", jwtFilter);
        bean.setFilters(filters);
        //配置登录的url和登录成功的url
        bean.setLoginUrl(properties.getLoginUrl());
        bean.setSuccessUrl(properties.getSuccessUrl());
        bean.setFilterChainDefinitionMap(properties.urlFilter());
        return bean;
    }
    //配置核心安全事务管理器
    @Bean(name="securityManager")
    public SecurityManager securityManager(@Qualifier("AuthenRealm") AuthenRealm authRealm) {
        DefaultWebSecurityManager manager=new DefaultWebSecurityManager();
        manager.setRealm(authRealm);
        return manager;
    }
  //配置自定义的权限登录器
    @Bean(name="AuthenRealm")
    public AuthenRealm authRealm(@Qualifier("credentialsMatcher") CredentialsMatcher matcher) {
    	AuthenRealm authRealm=new AuthenRealm();
        authRealm.setCredentialsMatcher(matcher);
        return authRealm;
    }
    //配置自定义的密码比较器
    @Bean(name="credentialsMatcher")
    public CredentialsMatcher credentialsMatcher() {
        return new CredentialsMatcher();
    }
    @Bean
    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor(){
        return new LifecycleBeanPostProcessor();
    }
    @Bean
    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator(){
        DefaultAdvisorAutoProxyCreator creator=new DefaultAdvisorAutoProxyCreator();
        creator.setProxyTargetClass(true);
        return creator;
    }
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(@Qualifier("securityManager") SecurityManager manager) {
        AuthorizationAttributeSourceAdvisor advisor=new AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(manager);
        return advisor;
    }
}
